1 Identification and authentication when users have multiple accounts
W. R. Shockley

August 1993 Proceedings on the 1992-1993 workshop on New security paradigms
Publisher: ACM Press 




User authentication through keystroke dynamics 
Francesco Bergadano, Daniele Gunetti, Claudia Picardi 

November 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4

Publisher: ACM Press 




Unlike other access control systems based on biometric features, keystroke analysis has 
not led to techniques providing an acceptable level of accuracy. The reason is probably 
the intrinsic variability of typing dynamics, versus other—very stable—biometric
characteristics, such as face or fingerprint patterns. In this paper we present an original
measure for keystroke dynamics that limits the instability of this biometric feature. We
have tested our approach on 154 individuals, achieving a F ... 

Keywords: Biometric techniques, keystroke analysis 

Component based trust management in the context of a virtual organization 
Yanjun Zuo, Brajendra Panda 

March 2005 Proceedings of the 2005 ACM symposium on Applied computing SAC '05 
Publisher: ACM Press 


One of the difficulties in evaluating the trustworthiness of an object in a virtual 
organization is the lack of sufficient information to study how the object was formed and 
to what level its components should be trusted. If a subject could be provided with 
detailed information about the ingredients of a compound object, then the subject would 
be able to evaluate the trust level of that compound object with higher confidence. This 
paper introduces a scheme using labels associated with each objec ...

Keywords: information flow, recommendation, trust management, virtual organization 

Keystroke analysis
Daniele Gunetti, Claudia Picardi 

August 2005 ACM Transactions on Information and System Security (TISSEC), Volume 8 Issue 3

Publisher: ACM Press 


Keystroke dynamics can be useful to ascertain personal identity even after an 
authentication phase has been passed, provided that we are able to deal with the typing 
rhythms of free text, chosen and entered by users without any specific constraint. In this 
paper we present a method to compare typing samples of free text that can be used to 
verify personal identity. We have tested our technique with a wide set of experiments on
205 individuals, obtaining a False Alarm Rate of less than 5&p ... 

Keywords: Biometric techniques, identity verification, keystroke analysis of free text 
architecture using trusted computing technology
Ravi Sandhu, Xinwen Zhang 

June 2005 Proceedings of the tenth ACM symposium on Access control models and technologies
Publisher: ACM Press 


It has been recognized for some time that software alone does not provide an adequate 
foundation for building a high-assurance trusted platform. The emergence of
industry-standard trusted computing technologies promises a revolution in this respect by
providing roots of trust upon which secure applications can be developed. These 
technologies offer a particularly attractive platform for security in peer-to-peer 
environments. In this paper we propose a trusted computing architecture to enforce ac ... 

Keywords: access control, policy enforcement, security architecture, trusted computing 
Application-layer mob
Henning Schulzrinne, Elin Wedlund 

July 2000 ACM SIGMOBILE Mobile Computing and Communications Review, volume 4 Issue 3

Publisher: ACM Press 


Supporting mobile Internet multimedia applications requires more than just the ability to 
maintain connectivity across subnet changes. We describe how the Session Initiation 
Protocol (SIP) can help provide terminal, personal, session and service mobility to 
applications ranging from Internet telephony to presence and instant messaging. We also 
briefly discuss application-layer mobility for streaming multimedia applications initiated by 
RTSP. 

Electronic commerce universal access device-the knowledge-acquiring layered infrastructure (KALI) project
Theodore Chiasson, Carrie Gates
September 2000 Crossroads, volume 7 issue 1

Publisher: ACM Press 




8 Securing a wireless network
Jon Allen, Jeff Wilson

November 2002 Proceedings of the 30th annual ACM SIGUCCS conference on User
services 
Publisher: ACM Press 


Driven by pressure to facilitate mobile computing, universities are plunging into wireless 
networking. Although wireless offers convenience and low-cost deployment, it lacks any 
inherent means of strong security. Common methods of securing wireless networks 
include WEP, VPN, MAC registration, IEEE 802.1x, and Firewalls. Each method offers some
security, but at varying levels of complexity, convenience, cost effectiveness and
completeness. Each security method has its own drawbacks.



Keywords: 802.11i, 802.1x, EAP-LEAP, EAP-MD5, EAP-TLS, EAP-TTLS, VPN, WEP



9 A model of OASIS role
Jean Bacon, Ken Moody, Walt Yao

November 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4

Publisher: ACM Press 


OASIS is a role-based access control architecture for achieving secure interoperation of 
services in an open, distributed environment. The aim of OASIS is to allow autonomous 
management domains to specify their own access control policies and to interoperate 
subject to service level agreements (SLAs). Services define roles and implement formally 
specified policy to control role activation and service use; users must present the required 
credentials, in an appropriate context, in order to activat ... 

Keywords: Certificates, OASIS, RBAC, distributed systems, policy, role-based access 
control, service-level agreements 



10 Protect
Mark D. Corner, Brian D. Noble

May 2003 Proceedings of the 1st international conference on Mobile systems,
applications and services MobiSys '03 
Publisher: ACM Press 


How does a machine know who is using it? Current systems authenticate their users 
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with
Transient Authentication, in which a small hardware token continuously authenticates the
user's presence over a short-range, wireless link. We present the fo ... 
Columns: Risks to the pu
Peter G. Neumann 

November 2003 ACM SIGSOFT Software Engineering Notes, volume 28 issue 6 
Publisher: ACM Press 




12 Trust and traceab
Dennis D. Steinauer, Shukri A. Wakid, Stanley Rasberry 
September 1997 StandardView, volume 5 issue 3 
Publisher: ACM Press 




13 Risks to the public: Risks to the public
Peter G. Neumann

July 2005 ACM SIGSOFT Software Engineering Notes, Volume 30 issue 4
Publisher: ACM Press 


Edited by Peter G. Neumann (Risks Forum Moderator and Chairman of the ACM 
Committee on Computers and Public Policy), plus personal contributions by others, as 
indicated. Opinions expressed are individual rather than organizational, and all of the 
usual disclaimers apply. We address problems relating to software, hardware, people, and 
other circumstances relating to computer systems. To economize on space, we include 
pointers to items in the online Risks Forum: (R i j) denotes RISKS vol i number ... 

14 Privacy and security: an ethical analysis
Gregory J. Walters

June 2001 ACM SIGCAS Computers and Society, volume 31 issue 2
Publisher: ACM Press 




15 Risks to the public: Risks to the public
Peter G. Neumann

May 2005 ACM SIGSOFT Software Engineering Notes, Volume 30 issue 3
Publisher: ACM Press 


Edited by Peter G. Neumann (Risks Forum Moderator and Chairman of the ACM 
Committee on Computers and Public Policy), plus personal contributions by others, as 
indicated. Opinions expressed are individual rather than organizational, and all of the 
usual disclaimers apply. We address problems relating to software, hardware, people, and 
other circumstances relating to computer systems. To economize on space, we include 
pointers to items in the online Risks Forum: (R i j) denotes RISKS vol i number ... 

16 The bout of the century?: information ethics vs. E-commerce
Marsha Woodbury

June 2000 Ubiquity, volume 1 issue is
Publisher: ACM Press 

17 Risks to the public: Risks to the public
Peter G. Neumann

January 2006 ACM SIGSOFT Software Engineering Notes, Volume 31 issue 1
Publisher: ACM Press 


Edited by Peter G. Neumann (Risks Forum Moderator and Chairman of the ACM 
Committee on Computers and Public Policy), plus personal contributions by others, as 
indicated. Opinions expressed are individual rather than organizational, and all of the 
usual disclaimers apply. We address problems relating to software, hardware, people, and 
other circumstances relating to computer systems. To economize on space, we include 
pointers to items in the online Risks Forum: (R i j) denotes RISKS vol i number ... 

18 My It i-ageM. system
framework in e-co

Richard Au, Harikrishna Vasanta, Kim-Kwang Raymond Choo, Mark Looi

March 2004 Proceedings of the 6th international conference on Electronic commerce ICEC '04
Publisher: ACM Press 


A novel user-centric authorisation framework suitable for e-commerce in an open 
environment is proposed. The credential-based approach allows a user to gain access 
rights anonymously from various service providers who may not have pre-existing 
relationships. Trust establishment is achieved by making use of referrals from external 
third parties in the form of Anonymous Attribute Certificates. The concepts of One-task 
Authorisation Key and Binding Signature are proposed to fac ... 

19 Columns: Risks to the public in computers and related systems
Peter G. Neumann

March 2004 ACM SIGSOFT Software Engineering Notes, volume 29 issue 2
Publisher: ACM Press 

Peter G. Neumann

March 2002 ACM SIGSOFT Software Engineering Notes, volume 27 issue 2
Publisher: ACM Press 
